With government financial aid at its highest ever known level and a reliance on communications to and from HMRC, sadly this well known ‘brand’ has become a prime target for scammers. Although for some time we have seen HMRC-branded tax scam campaigns throughout the year, peaking at different times in line with many of our key business events (for example around the Self-Assessment deadline in January), these have rapidly increased over the past couple of months.
HMRC Taking Action
Thankfully, HMRC does have a dedicated Customer Protection Team, which prevents scams by:
Automatically identifying most cyber scams before customers have even reported them
Asking Internet Service Providers (ISPs) to remove the malicious content from the websites
Deploying innovative technologies to prevent misleading and malicious communications ever reaching citizens
Warning the public through sharing details and examples of genuine and scam communications on GOV.UK and through the media
Maintaining channels through which people can report suspicious contact, at phishing@hmrc.gov.uk and 60599 for texts
Working with the telecoms industry to identify abuses of the words in texts that can be used in place of 11-digit 07 numbers, and requesting that they are blocked automatically
Working with national and international law enforcement organisations.
This effort by HMRC has meant that the organisation has dropped from the unwelcome ‘accolade’ of 14th to 146th ‘most-phished brand in the world’ over the past three years. However, in recent weeks HMRC has detected more than 70 Covid-related financial scams to date, most by text message and some by email and has asked Internet Service Providers to take down more than 500 web pages associated with these Covid-related scam campaigns - just proving how real this threat is to us all!
In addition to their ongoing work to warn customers about scams, HMRC are running a radio ad campaign, during May, to alert people to an increased threat of scams. They are also supporting the radio ads with social media posts, including on Twitter, Facebook and LinkedIn as well as working closely with the Home Office, National Cyber Security Centre and other government departments, helping to coordinate efforts to combat scams.
There is a lot that we can do to all help ensure our families, friends, colleagues, clients and business associates don’t fall victim to these scams by spreading the word and supporting various social media campaigns, for example those below:
However, it isn’t just the HMRC that are being targeted. There are many different types of scam emails that you may get sent from all sorts of different providers. Most scammers are trying to use social engineering to attack you, so watch out for emails:
Claiming to come from someone in authority e.g. your boss, the bank, etc.
Requesting urgent action - especially if there is a fine or penalty
Tugging on your heart strings or referring to current events to get you to click the link
FOMO or Fear Of Missing Out, a really common one where you are led to believe that only immediate action will enable you to take advantage
Check the email address does the name and email address look correct? Watch out for misspelling and strange full stops.
If you aren’t sure then contact the sender. But remember, don't use the numbers/emails/links in the email as these may be false, but visit the official website instead. Don’t be tempted to reply to the email, this just confirms to the sender that they have managed to access a real person. Finally, once you have decided that an email is a scam, report it and then delete it!
What do you do if you have already clicked?
If the worst happens and you realise that you have clicked on a link or entered your details into a website, what should you do?
If you've provided your password, change the passwords on all your accounts that use the same one
When changing your password, NEVER click on a link from an email, ALWAYS go directly to the website in your browser and login and change your password there
Open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds
If you're using a work laptop or phone, contact your IT department and let them know
If you’ve been tricked into providing your banking details, contact your bank and let them know
If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), contact the provider directly and ask for your account password to be reset
If you're worried that your financial position may have been potentially put at risk by a scam please get in touch by calling 0808 144 5575 or email using the link below.
